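/* Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public License
   as published by the Free Software Foundation; version 2 of
   the License.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1335  USA */

/*
  Audit plugin interface: the plugin descriptor (st_mysql_audit), the event
  classes, the per-class event subclasses (bit flags) and the per-class
  event payload structures handed to a plugin's event_notify callback.

  Notes for plugin authors (review notes, not upstream text):
  - String members are MYSQL_LEX_CSTRING, which is declared in
    mysql/mysql_lex_string.h and not in this header. Assuming it is a
    pointer-plus-length pair, bound every read by the length instead of
    relying on NUL termination -- TODO confirm against that header.
  - Members carrying statement text, variable values or command-line
    arguments can contain literals such as credentials. Treat them as
    sensitive when writing to an audit sink. Whether the server masks such
    literals before raising the event is not visible from this header.
*/

#ifndef _my_audit_h
#define _my_audit_h

#ifndef PLUGIN_CONTEXT
#include "plugin.h"
#include "mysql/mysql_lex_string.h"
#ifndef MYSQL_ABI_CHECK
#include "m_string.h"
#endif
#include "my_command.h"
#include "my_sqlcommand.h"
#endif /*PLUGIN_CONTEXT*/

#define MYSQL_AUDIT_INTERFACE_VERSION 0x0401

/**
  @enum mysql_event_class_t

  Audit event classes.
*/
typedef enum
{
  MYSQL_AUDIT_GENERAL_CLASS          = 0,
  MYSQL_AUDIT_CONNECTION_CLASS       = 1,
  MYSQL_AUDIT_PARSE_CLASS            = 2,
  MYSQL_AUDIT_AUTHORIZATION_CLASS    = 3,
  MYSQL_AUDIT_TABLE_ACCESS_CLASS     = 4,
  MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS  = 5,
  MYSQL_AUDIT_SERVER_STARTUP_CLASS   = 6,
  MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS  = 7,
  MYSQL_AUDIT_COMMAND_CLASS          = 8,
  MYSQL_AUDIT_QUERY_CLASS            = 9,
  MYSQL_AUDIT_STORED_PROGRAM_CLASS   = 10,
  /* This item must be last in the list. */
  MYSQL_AUDIT_CLASS_MASK_SIZE
} mysql_event_class_t;

/**
  @struct st_mysql_audit

  The descriptor structure that is referred from st_mysql_plugin.
*/
struct st_mysql_audit
{
  /**
    Interface version.
  */
  int interface_version;

  /**
    Event occurs when the event class consumer is to be
    disassociated from the specified THD. This would typically occur
    before some operation which may require sleeping - such as when
    waiting for the next query from the client.
  */
  void (*release_thd)(MYSQL_THD);

  /**
    Invoked whenever an event occurs which is of any
    class for which the plugin has interest. The second argument
    indicates the specific event class and the third argument is data
    as required for that class.

    The third argument is untyped: check the event class first and only
    then cast it to the mysql_event_* structure documented for that class.

    NOTE(review): the meaning of the int return value is not documented in
    this header. Confirm it against the server's audit dispatch code before
    relying on it to reject an operation.
  */
  int (*event_notify)(MYSQL_THD, mysql_event_class_t, const void *);

  /**
    An array of bits used to indicate what event classes
    that this plugin wants to receive.

    The array has MYSQL_AUDIT_CLASS_MASK_SIZE elements, i.e. one per
    mysql_event_class_t value.

    NOTE(review): presumably each element holds the OR of the subclass bits
    wanted for that class (see the MYSQL_AUDIT_*_ALL macros), so a class
    left at zero would not be delivered to the plugin -- confirm.
  */
  unsigned long class_mask[MYSQL_AUDIT_CLASS_MASK_SIZE];
};

/**
  @typedef enum_sql_command_t

  SQL command type definition.
*/
typedef enum enum_sql_command enum_sql_command_t;

/**
  @enum mysql_event_general_subclass_t

  Events for the MYSQL_AUDIT_GENERAL_CLASS event class.
*/
typedef enum
{
  /** occurs before emitting to the general query log. */
  MYSQL_AUDIT_GENERAL_LOG    = 1 << 0,
  /** occurs before transmitting errors to the user. */
  MYSQL_AUDIT_GENERAL_ERROR  = 1 << 1,
  /** occurs after transmitting a resultset to the user. */
  MYSQL_AUDIT_GENERAL_RESULT = 1 << 2,
  /** occurs after transmitting a resultset or errors */
  MYSQL_AUDIT_GENERAL_STATUS = 1 << 3
} mysql_event_general_subclass_t;

#define MYSQL_AUDIT_GENERAL_ALL (MYSQL_AUDIT_GENERAL_LOG | \
                                 MYSQL_AUDIT_GENERAL_ERROR | \
                                 MYSQL_AUDIT_GENERAL_RESULT | \
                                 MYSQL_AUDIT_GENERAL_STATUS)

/**
  @struct mysql_event_general

  Structure for the MYSQL_AUDIT_GENERAL_CLASS event class.

  The members are not documented individually upstream. general_query
  carries statement text and should be handled as sensitive data.
*/
struct mysql_event_general
{
  mysql_event_general_subclass_t event_subclass;
  int                            general_error_code;
  unsigned long                  general_thread_id;
  MYSQL_LEX_CSTRING              general_user;
  MYSQL_LEX_CSTRING              general_command;
  MYSQL_LEX_CSTRING              general_query;
  struct charset_info_st         *general_charset;
  unsigned long long             general_time;
  unsigned long long             general_rows;
  MYSQL_LEX_CSTRING              general_host;
  MYSQL_LEX_CSTRING              general_sql_command;
  MYSQL_LEX_CSTRING              general_external_user;
  MYSQL_LEX_CSTRING              general_ip;
};

/**
  @enum mysql_event_connection_subclass_t

  Events for MYSQL_AUDIT_CONNECTION_CLASS event class.
*/
typedef enum
{
  /** occurs after authentication phase is completed. */
  MYSQL_AUDIT_CONNECTION_CONNECT          = 1 << 0,
  /** occurs after connection is terminated. */
  MYSQL_AUDIT_CONNECTION_DISCONNECT       = 1 << 1,
  /** occurs after COM_CHANGE_USER RPC is completed. */
  MYSQL_AUDIT_CONNECTION_CHANGE_USER      = 1 << 2,
  /** occurs before authentication. */
  MYSQL_AUDIT_CONNECTION_PRE_AUTHENTICATE = 1 << 3
} mysql_event_connection_subclass_t;

#define MYSQL_AUDIT_CONNECTION_ALL (MYSQL_AUDIT_CONNECTION_CONNECT | \
                                    MYSQL_AUDIT_CONNECTION_DISCONNECT | \
                                    MYSQL_AUDIT_CONNECTION_CHANGE_USER | \
                                    MYSQL_AUDIT_CONNECTION_PRE_AUTHENTICATE)

/**
  @struct mysql_event_connection

  Structure for the MYSQL_AUDIT_CONNECTION_CLASS event class.
*/
struct mysql_event_connection
{
  /** Event subclass. */
  mysql_event_connection_subclass_t event_subclass;
  /** Current status of the connection. */
  int                               status;
  /** Connection id. */
  unsigned long                     connection_id;
  /** User name of this connection. */
  MYSQL_LEX_CSTRING                 user;
  /** Priv user name. */
  MYSQL_LEX_CSTRING                 priv_user;
  /** External user name. */
  MYSQL_LEX_CSTRING                 external_user;
  /** Proxy user used for this connection. */
  MYSQL_LEX_CSTRING                 proxy_user;
  /** Connection host. */
  MYSQL_LEX_CSTRING                 host;
  /** IP of the connection. */
  MYSQL_LEX_CSTRING                 ip;
  /** Database name specified at connection time. */
  MYSQL_LEX_CSTRING                 database;
  /** Connection type:
        - 0 Undefined
        - 1 TCP/IP
        - 2 Socket
        - 3 Named pipe
        - 4 SSL
        - 5 Shared memory
  */
  int                               connection_type;
};

/**
  @enum mysql_event_parse_subclass_t

  Events for MYSQL_AUDIT_PARSE_CLASS event class.
*/
typedef enum
{
  /** occurs before the query parsing. */
  MYSQL_AUDIT_PARSE_PREPARSE  = 1 << 0,
  /** occurs after the query parsing. */
  MYSQL_AUDIT_PARSE_POSTPARSE = 1 << 1
} mysql_event_parse_subclass_t;

#define MYSQL_AUDIT_PARSE_ALL (MYSQL_AUDIT_PARSE_PREPARSE | \
                               MYSQL_AUDIT_PARSE_POSTPARSE)

/**
  @enum mysql_event_parse_rewrite_plugin_flag

  Flag values stored through mysql_event_parse::flags.
*/
typedef enum
{
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_NONE = 0,
  /** mysql_event_parse::flags Must be set by a plugin if the query is rewritten. */
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_QUERY_REWRITTEN = 1 << 0,
  /** mysql_event_parse::flags Is set by the server if the query is prepared statement. */
  MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_IS_PREPARED_STATEMENT = 1 << 1
} mysql_event_parse_rewrite_plugin_flag;

/** Data for the MYSQL_AUDIT_PARSE events */
struct mysql_event_parse
{
  /** MYSQL_AUDIT_PARSE_[PRE|POST]PARSE event id */
  mysql_event_parse_subclass_t event_subclass;

  /** MYSQL_AUDIT_PARSE_REWRITE_PLUGIN_* flags */
  mysql_event_parse_rewrite_plugin_flag *flags;

  /** input: the original query text */
  MYSQL_LEX_CSTRING query;

  /**
    output: returns the null-terminated rewritten query allocated by my_malloc()

    NOTE(review): this header does not state who frees the buffer or how the
    length member must be set. Confirm both before writing a rewrite plugin.
  */
  MYSQL_LEX_CSTRING *rewritten_query;
};

/**
  @enum mysql_event_authorization_subclass_t

  Events for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
*/
typedef enum
{
  /* Not documented upstream. */
  MYSQL_AUDIT_AUTHORIZATION_USER      = 1 << 0,
  /** Occurs when database privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_DB        = 1 << 1,
  /** Occurs when table privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_TABLE     = 1 << 2,
  /** Occurs when column privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_COLUMN    = 1 << 3,
  /** Occurs when procedure privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_PROCEDURE = 1 << 4,
  /** Occurs when proxy privilege is checked. */
  MYSQL_AUDIT_AUTHORIZATION_PROXY     = 1 << 5
} mysql_event_authorization_subclass_t;

#define MYSQL_AUDIT_AUTHORIZATION_ALL (MYSQL_AUDIT_AUTHORIZATION_USER | \
                                       MYSQL_AUDIT_AUTHORIZATION_DB | \
                                       MYSQL_AUDIT_AUTHORIZATION_TABLE | \
                                       MYSQL_AUDIT_AUTHORIZATION_COLUMN | \
                                       MYSQL_AUDIT_AUTHORIZATION_PROCEDURE | \
                                       MYSQL_AUDIT_AUTHORIZATION_PROXY)

/**
  @struct mysql_event_authorization

  Structure for MYSQL_AUDIT_AUTHORIZATION_CLASS event class.
*/
struct mysql_event_authorization
{
  /** Event subclass. */
  mysql_event_authorization_subclass_t event_subclass;
  /** Event status. */
  int                                  status;
  /**
    Connection id.

    NOTE(review): declared unsigned int here but unsigned long in the other
    event structures of this header. Left as is, because changing it would
    alter the structure layout that plugins are compiled against.
  */
  unsigned int                         connection_id;
  /** SQL command id. */
  enum_sql_command_t                   sql_command_id;
  /** SQL query text. */
  MYSQL_LEX_CSTRING                    query;
  /** SQL query charset. */
  const struct charset_info_st         *query_charset;
  /** Database name. */
  MYSQL_LEX_CSTRING                    database;
  /** Table name. */
  MYSQL_LEX_CSTRING                    table;
  /** Other name associated with the event. */
  MYSQL_LEX_CSTRING                    object;
  /** Requested authorization privileges. */
  unsigned long                        requested_privilege;
  /** Currently granted authorization privileges. */
  unsigned long                        granted_privilege;
};

/**
  @enum mysql_event_table_access_subclass_t

  Events for MYSQL_AUDIT_TABLE_ACCESS_CLASS event class.
*/
typedef enum
{
  /** Occurs when table data are read. */
  MYSQL_AUDIT_TABLE_ACCESS_READ   = 1 << 0,
  /** Occurs when table data are inserted. */
  MYSQL_AUDIT_TABLE_ACCESS_INSERT = 1 << 1,
  /** Occurs when table data are updated. */
  MYSQL_AUDIT_TABLE_ACCESS_UPDATE = 1 << 2,
  /** Occurs when table data are deleted. */
  MYSQL_AUDIT_TABLE_ACCESS_DELETE = 1 << 3
} mysql_event_table_access_subclass_t;

#define MYSQL_AUDIT_TABLE_ACCESS_ALL (MYSQL_AUDIT_TABLE_ACCESS_READ | \
                                      MYSQL_AUDIT_TABLE_ACCESS_INSERT | \
                                      MYSQL_AUDIT_TABLE_ACCESS_UPDATE | \
                                      MYSQL_AUDIT_TABLE_ACCESS_DELETE)

/**
  @struct mysql_event_table_access

  Structure for MYSQL_AUDIT_TABLE_ACCESS_CLASS event class.
*/
struct mysql_event_table_access
{
  /** Event subclass. */
  mysql_event_table_access_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                       connection_id;
  /** SQL command id. */
  enum_sql_command_t                  sql_command_id;
  /** SQL query. */
  MYSQL_LEX_CSTRING                   query;
  /** SQL query charset. */
  const struct charset_info_st        *query_charset;
  /** Database name. */
  MYSQL_LEX_CSTRING                   table_database;
  /** Table name. */
  MYSQL_LEX_CSTRING                   table_name;
};

/**
  @enum mysql_event_global_variable_subclass_t

  Events for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
*/
typedef enum
{
  /** Occurs when global variable is retrieved. */
  MYSQL_AUDIT_GLOBAL_VARIABLE_GET = 1 << 0,
  /** Occurs when global variable is set. */
  MYSQL_AUDIT_GLOBAL_VARIABLE_SET = 1 << 1
} mysql_event_global_variable_subclass_t;

#define MYSQL_AUDIT_GLOBAL_VARIABLE_ALL (MYSQL_AUDIT_GLOBAL_VARIABLE_GET | \
                                         MYSQL_AUDIT_GLOBAL_VARIABLE_SET)

/**
  @struct mysql_event_global_variable

  Structure for MYSQL_AUDIT_GLOBAL_VARIABLE_CLASS event class.
*/
struct mysql_event_global_variable
{
  /** Event subclass. */
  mysql_event_global_variable_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                          connection_id;
  /** SQL command id. */
  enum_sql_command_t                     sql_command_id;
  /** Variable name. */
  MYSQL_LEX_CSTRING                      variable_name;
  /** Variable value. Handle as potentially sensitive when logging. */
  MYSQL_LEX_CSTRING                      variable_value;
};

/**
  @enum mysql_event_server_startup_subclass_t

  Events for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
*/
typedef enum
{
  /** Occurs after all subsystem are initialized during system start. */
  MYSQL_AUDIT_SERVER_STARTUP_STARTUP = 1 << 0
} mysql_event_server_startup_subclass_t;

#define MYSQL_AUDIT_SERVER_STARTUP_ALL (MYSQL_AUDIT_SERVER_STARTUP_STARTUP)

/**
  @struct mysql_event_server_startup

  Structure for MYSQL_AUDIT_SERVER_STARTUP_CLASS event class.
*/
struct mysql_event_server_startup
{
  /** Event subclass. */
  mysql_event_server_startup_subclass_t event_subclass;
  /**
    Command line arguments. Handle as potentially sensitive when logging,
    since they hold whatever was passed on the command line.
  */
  const char                            **argv;
  /** Command line arguments count. */
  unsigned int                          argc;
};

/**
  @enum mysql_event_server_shutdown_subclass_t

  Events for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
*/
typedef enum
{
  /** Server shutdown event. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_SHUTDOWN = 1 << 0
} mysql_event_server_shutdown_subclass_t;

#define MYSQL_AUDIT_SERVER_SHUTDOWN_ALL (MYSQL_AUDIT_SERVER_SHUTDOWN_SHUTDOWN)

/**
  @enum mysql_server_shutdown_reason_t

  Server shutdown reason.
*/
typedef enum
{
  /** User requested shut down. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_REASON_SHUTDOWN,
  /** The server aborts. */
  MYSQL_AUDIT_SERVER_SHUTDOWN_REASON_ABORT
} mysql_server_shutdown_reason_t;

/**
  @struct mysql_event_server_shutdown

  Structure for MYSQL_AUDIT_SERVER_SHUTDOWN_CLASS event class.
*/
struct mysql_event_server_shutdown
{
  /** Shutdown event. */
  mysql_event_server_shutdown_subclass_t event_subclass;
  /** Exit code associated with the shutdown event. */
  int                                    exit_code;
  /** Shutdown reason. */
  mysql_server_shutdown_reason_t         reason;
};

/**
  @enum mysql_event_command_subclass_t

  Events for MYSQL_AUDIT_COMMAND_CLASS event class.
*/
typedef enum
{
  /** Command start event. */
  MYSQL_AUDIT_COMMAND_START = 1 << 0,
  /** Command end event. */
  MYSQL_AUDIT_COMMAND_END   = 1 << 1
} mysql_event_command_subclass_t;

#define MYSQL_AUDIT_COMMAND_ALL (MYSQL_AUDIT_COMMAND_START | \
                                 MYSQL_AUDIT_COMMAND_END)

/**
  @typedef enum_server_command_t

  Server command type definition.
*/
typedef enum enum_server_command enum_server_command_t;

/**
  @struct mysql_event_command

  Event for MYSQL_AUDIT_COMMAND_CLASS event class.
  Events generated as a result of RPC command requests.
*/
struct mysql_event_command
{
  /** Command event subclass. */
  mysql_event_command_subclass_t event_subclass;
  /** Command event status. */
  int                            status;
  /** Connection id. */
  unsigned long                  connection_id;
  /** Command id. */
  enum_server_command_t          command_id;
};

/**
  @enum mysql_event_query_subclass_t

  Events for MYSQL_AUDIT_QUERY_CLASS event class.
*/
typedef enum
{
  /** Query start event. */
  MYSQL_AUDIT_QUERY_START             = 1 << 0,
  /** Nested query start event. */
  MYSQL_AUDIT_QUERY_NESTED_START      = 1 << 1,
  /** Query status end event. */
  MYSQL_AUDIT_QUERY_STATUS_END        = 1 << 2,
  /** Nested query status end event. */
  MYSQL_AUDIT_QUERY_NESTED_STATUS_END = 1 << 3
} mysql_event_query_subclass_t;

#define MYSQL_AUDIT_QUERY_ALL (MYSQL_AUDIT_QUERY_START | \
                               MYSQL_AUDIT_QUERY_NESTED_START | \
                               MYSQL_AUDIT_QUERY_STATUS_END | \
                               MYSQL_AUDIT_QUERY_NESTED_STATUS_END)

/**
  @struct mysql_event_query

  Event for MYSQL_AUDIT_QUERY_CLASS event class.
*/
struct mysql_event_query
{
  /** Event subclass. */
  mysql_event_query_subclass_t event_subclass;
  /** Event status. */
  int                          status;
  /** Connection id. */
  unsigned long                connection_id;
  /** SQL command id. */
  enum_sql_command_t           sql_command_id;
  /** SQL query. */
  MYSQL_LEX_CSTRING            query;
  /** SQL query charset. */
  const struct charset_info_st *query_charset;
};

/**
  @enum mysql_event_stored_program_subclass_t

  Events for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
*/
typedef enum
{
  /** Stored program execution event. */
  MYSQL_AUDIT_STORED_PROGRAM_EXECUTE = 1 << 0
} mysql_event_stored_program_subclass_t;

#define MYSQL_AUDIT_STORED_PROGRAM_ALL (MYSQL_AUDIT_STORED_PROGRAM_EXECUTE)

/**
  @struct mysql_event_stored_program

  Event for MYSQL_AUDIT_STORED_PROGRAM_CLASS event class.
*/
struct mysql_event_stored_program
{
  /** Event subclass. */
  mysql_event_stored_program_subclass_t event_subclass;
  /** Connection id. */
  unsigned long                         connection_id;
  /** SQL command id. */
  enum_sql_command_t                    sql_command_id;
  /** SQL query text. */
  MYSQL_LEX_CSTRING                     query;
  /** SQL query charset. */
  const struct charset_info_st          *query_charset;
  /** The Database the procedure is defined in. */
  MYSQL_LEX_CSTRING                     database;
  /** Name of the stored program. */
  MYSQL_LEX_CSTRING                     name;
  /**
    Stored program parameters.

    NOTE(review): untyped pointer; the pointed-to layout is not described
    in this header. Do not dereference without confirming it.
  */
  void                                  *parameters;
};

#endif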